DETAILED ACTION

Information Disclosure Statement 

1. As required by M.P.E.P. 609(C), the applicant's submissions of the Information
Disclosure Statements dated May 9th, 2007 are acknowledged by the examiner and the cited
references have been considered in the examination of the claims now pending. As required by
M.P.E.P. 609(C)(2), a copy of the PTOL-1449 initialed and dated by the examiner is attached to
the instant office action.

Response to Amendment 

2. This Office Action is in response to applicant's communication filed May 22, 2007. The 
Applicant's remarks and amendments to the claims and/or the specification were considered 
with the results that follow. 

3. In response to the last Office Action, claims 1-10 and 13-22 are presently active. Claims 
11 and 12 have been canceled. Claims 7-10 and 13 are amended. Claims 14-22 have been 
newly added. As a result, claims 1-10 and 13-22 are now pending in this application. 

4. Rejection of claims 11 and 12 under 35 U.S.C. 112, 2nd Paragraph has been withdrawn.

Response to Arguments 

5. Applicant's arguments with respect to claims 1-10 and 13-22 have been considered but are
moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC § 101 

35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 4-6, 7 and 17-19 are rejected under 35 U.S.C. 101 because the claimed
invention is directed to non-statutory subject matter. 

Claims 4-6, 7 and 17-19 are directed to an apparatus comprising software per se. 
Software per se is not one of the four categories of invention. Software per se is not a series of 
steps or acts and thus is not a process. Software per se is not a physical article or object and as 
such is not a machine or manufacture. Software per se is not a combination of substances and 
thus, is not a composition of matter. Therefore, claims 4-6, 7 and 17-19 are non-statutory. 

Claim Rejections - 35 USC § 112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 4, 5, 7 and 17-19 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Claims 4, 5, 7 and 17-19 are vague and indefinite because the steps in the body of the
claim recite the limitation of "means for..." which has been reasonably construed as the attempt
by Applicant to invoke 35 U.S.C. 112, sixth paragraph. However, the metes and bounds of the
claim have not been specifically defined for the limitation of "means for..." in the specification.
The instant disclosure does not define the structures necessary for each "means for...". 35 U.S.C.
112, sixth paragraph states that a claim limitation expressed in means-plus-function language
"shall be construed to cover the corresponding structure... described in the specification and
equivalents thereof." "If one employs means plus function language in a claim, one must set
forth in the specification an adequate disclosure showing what is meant by that language. If an
applicant fails to set forth an adequate disclosure, the applicant has in effect failed to particularly
point out and distinctly claim the invention as required by the second paragraph of section 112."
In re Donaldson Co., 16 F.3d 1189, 1195, 29 USPQ2d 1845, 1850 (Fed. Cir. 1994) (in banc).
(See MPEP 2181 [R-2]).

Claim Rejections - 35 USC § 102

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1, 3, 4, 6, 8, 10 and 10 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Subramaniam et al. (Patent no.: 6081900). 

Regarding claim 1, Subramaniam et al. teach: 

A database access control method for performing access control on a database in 
response to a request from a user apparatus through cooperation between a database access 
control apparatus and a proxy process server apparatus (see e.g. Abstract), wherein: 

the database access control apparatus sends an address of a usable proxy process 
server apparatus to the user apparatus in response to the request from the user apparatus (see 
e.g. col. 3 lines 19-33, col. 4 lines 45-50 and col. 5 lines 38-49, note that in the secure network
servers (proxy server within the border server) and clients are connected by IP link); 

the user apparatus connects to the proxy process server apparatus of the address to 
make a database access request (see e.g. col. 4, lines 58-64, note that user makes a 
database access request); 

the proxy process server apparatus makes a database process request to the database 
access control apparatus according to the database access request from the user apparatus 
(see e.g. col. 6 lines 42-45, note that makes a database process request);

the database access control apparatus performs a process on the database in response 
to the database process request from the proxy process server apparatus (see e.g. col. 9 lines 
44-56 and col. 10 lines 5-35, note that proxy server corresponds to transformer have 
caching capability to perform the process), and sends a process result to the proxy process 
server apparatus (see e.g. col. 10 lines 36-40, note that sending request to the proxy server);

the proxy process server apparatus performs an additional process on the process result
sent from the database access control apparatus (see e.g. col. 10 lines 20-66 and col. 11 lines
1-13, note that performs an additional process), and sends an additional process result to 
the user apparatus (see e.g. col. 11 lines 14-21, note that sends the result for additional 
process to the client) 

For claim 3, Subramaniam et al. teach: 

the database access control apparatus determines whether the user apparatus is in a 
state of being connected to the proxy process server apparatus in addition to performing 
determination of the access key (see e.g. col. 8 lines 40-50), and performs the access to the 
data in the database only if the user apparatus is in the state of being connected to the proxy 
process server apparatus (see e.g. col. 8 lines 50-53). 

For claim 4, Subramaniam et al. teach: 

A database access control apparatus for performing access control on a database in 
response to a request from a user apparatus through cooperation with a proxy process server 
apparatus, comprising: 

means for instructing the user apparatus to connect to the proxy process server 
apparatus by sending an address of a usable proxy process server apparatus to the user 
apparatus in response to a request from the user apparatus (see e.g. col. 3 lines 19-33, col. 4
lines 45-50 and col. 5 lines 38-49, note that in the secure network servers and clients are
connected by IP link)

means for performing a process on the database in response to a database process
request from the proxy process server apparatus (see e.g. col. 10 lines 5-35, note that caching
perform the process), and sending a process result to the proxy process server apparatus (see
e.g. col. 10 lines 36-40, note that sending request to the proxy server). 

For claim 6, Subramaniam et al. teach: 

the database access control apparatus determines whether the user apparatus is in a 
state of being connected to the proxy process server apparatus in addition to performing 
determination of the access key (see e.g. col. 8 lines 40-50), and performs the access to the 
data in the database only if the user apparatus is in the state of being connected to the proxy 
process server apparatus (see e.g. col. 8 lines 50-53).

For claim 8, Subramaniam et al. teach: 
A computer readable storage medium encoded with a program for causing a computer to
execute a database access control process for performing access control on a database in 
response to a request from a user apparatus through cooperation with a proxy process server 
apparatus, the program causing the computer to execute: 

a step for instructing the user apparatus to connect to the proxy process server 
apparatus by sending an address of a usable proxy process server apparatus to the user 
apparatus in response to a request from the user apparatus (see e.g. col. 3 lines 19-33, col. 4
lines 45-50 and col. 5 lines 38-49, note that in the secure network servers and clients are
connected by IP link) 

a step for performing a process on the database in response to a database process 
request from the proxy process server apparatus (see e.g. col. 10 lines 5-35, note that caching 
perform the process), and sending a process result to the proxy process server apparatus (see
e.g. col. 10 lines 36-40, note that sending request to the proxy server). 

For claim 10, Subramaniam et al. teach: 

determining whether the user apparatus is in a state of being connected to the proxy 
process server apparatus in addition to performing determination of the access key (see e.g. 
col. 8 lines 40-50), and performing the access to the data in the database only if the user 
apparatus is in the state of being connected to the proxy process server apparatus (see e.g. col. 
8 lines 50-53). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 101 of this title, if the differences between the subject matter sought to be patented and the prior art
are such that the subject matter as a whole would have been obvious at the time the invention was made to
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

6. Claims 2, 5, 7, 9 and 13-22 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Subramaniam et al. (Patent no.: 6081900) in view of Kitano Guthrie et al. 
(Patent no.: 6606627 B1). 

Regarding claim 2, Subramaniam et al. teaches all of the claimed subject matter as discussed
above with respect to claim 1, but fails to disclose

'the access key being generated by the database access control apparatus based on a 
user ID of the user apparatus' 

Guthrie et al. discloses in their invention 'the access key being generated by the database 
access control apparatus based on a user ID of the user apparatus (see e.g. col. 5 lines 48-60 
and , note that session data including the user ID)'. 

Subramaniam et al. and Guthrie et al. are analogous art because they are from the same 
field of endeavor of accessing secure data. 

It would have been obvious to one of ordinary skill in the art at the time the invention was 
made to receive an access key and a database access request from the user apparatus as 
taught by Guthrie et al. in order to reduce the cost of managing application by sharing the 
resources. 

Regarding claim 5, Subramaniam et al. teaches all of the claimed subject matter as discussed
above with respect to claim 4, but fails to disclose

'the access key being generated by the database access control apparatus based on a 
user ID of the user apparatus' 

Guthrie et al. discloses in their invention 'the access key being generated by the database 
access control apparatus based on a user ID of the user apparatus (see e.g. col. 5 lines 48-60 
and , note that session data including the user ID)'. 

Subramaniam et al. and Guthrie et al. are analogous art because they are from the 
same field of endeavor of accessing secure data. 

It would have been obvious to one of ordinary skill in the art at the time the invention was
made to receive an access key and a database access request from the user apparatus as 
taught by Guthrie et al. in order to reduce the cost of managing application by sharing the 
resources. 

Regarding claim 7, Subramaniam et al. teach: 

A proxy process server apparatus for accessing a database via a database access 
control apparatus in response to a request from a user apparatus, comprising: 

means for receiving an access key and a database access request from the user 
apparatus (see e.g. col. 1 lines 38-46 and col. 11 lines 64-67, note that this process is
performed in SSL handshake protocol, which includes exchanging a plurality of messages
between the client and server and establishing a session ID which is referred to here as 'access
key'),

stored in the database access control apparatus and having been sent to the user 
apparatus (see e.g. col. 11 lines 44-67, note that generate session keys to be used to
encrypt and decrypt information transferred through the sockets connection to the 
client) 

means for sending a database process request and the access key to the database 
access control apparatus (see e.g. col. 1 lines 38-46, note that the server sends the client 
the server's SSL session ID and other information that the client needs to communicate 
with the server over SSL and also sends secure communication if client's computer is 
authenticated); 

receiving a process result of the database according to the database process request 
from the database access control apparatus when an access key same as the access key sent 
from the proxy process server apparatus exists in the database access control apparatus (see 
e.g. col. 8 lines 31-46), performing an additional process on the process result (see e.g. col. 10 
lines 20-66 and col. 11 lines 1-13, note that performs an additional process), and sending an 
additional process result to the user apparatus (see e.g. col. 11 lines 14-21, note that sends
the result for additional process to the client). 

Subramaniam et al. does not show explicitly 'the access key being generated by the 
database access control apparatus based on a user ID of the user apparatus'

Guthrie et al. discloses in their invention 'the access key being generated by the database 
access control apparatus based on a user ID of the user apparatus (see e.g. col. 5 lines 48-60
and , note that session data including the user ID)'. 

Subramaniam et al. and Guthrie et al. are analogous art because they are from the same 
field of endeavor of accessing secure data. 

It would have been obvious to one of ordinary skill in the art at the time the invention was 
made to receive an access key and a database access request from the user apparatus as 
taught by Guthrie et al. in order to reduce the cost of managing application by sharing the 
resources. 

Regarding claim 9, Subramaniam et al. teaches all of the claimed subject matter as discussed
above with respect to claim 8, but fails to disclose

'the access key being generated by the database access control apparatus based on a 
user ID of the user apparatus' 

Guthrie et al. discloses in their invention 'the access key being generated by the database 
access control apparatus based on a user ID of the user apparatus (see e.g. col. 5 lines 48-60 
and , note that session data including the user ID)'. 

Subramaniam et al. and Guthrie et al. are analogous art because they are from the same 
field of endeavor of accessing secure data. 

It would have been obvious to one of ordinary skill in the art at the time the invention was 
made to receive an access key and a database access request from the user apparatus as 
taught by Guthrie et al. in order to reduce the cost of managing application by sharing the 
resources. 

Regarding claim 13, Subramaniam et al. teach:
A computer readable recording medium embedded with a computer program for causing a 
computer to perform a proxy process for accessing a database via a database access control 
apparatus in response to a request from a user apparatus, the program causing the computer to 
execute: 

a step for receiving an access key and a database access request from the user apparatus (see 
e.g. col. 1 lines 38-46 and col. 11 lines 64-67, note that this process is performed in SSL
handshake protocol, which includes exchanging a plurality of messages between the client
and server and establishing a session ID which is referred to here as 'access key'), being stored
in the database access control apparatus and having been sent to the user apparatus (see e.g.
col. 11 lines 44-67, note that generate session keys to be used to encrypt and decrypt
information transferred through the sockets connection to the client)

a step for sending a database process request and the access key to the database access
control apparatus (see e.g. col. 1 lines 38-46, note that the server sends the
client the server's SSL session ID and other information that the client needs to
communicate with the server over SSL and also sends secure communication if client's
computer is authenticated); and

a step for receiving a process result of the database according to the database process 
request from the database access control apparatus when an access key same as the access 
key sent from the proxy process server apparatus exists in the database access control 
apparatus (see e.g. col. 8 lines 31-46), performing an additional process on the process result 
(see e.g. col. 10 lines 20-66 and col. 11 lines 1-13, note that performs an additional 
process), and sending an additional process result to the user apparatus (see e.g. col. 11 lines
14-21, note that sends the result for additional process to the client).

Subramaniam et al. does not show explicitly 'the access key being generated by the 
database access control apparatus based on a user ID of the user apparatus' 

Guthrie et al. discloses in their invention 'the access key being generated by the database 
access control apparatus based on a user ID of the user apparatus (see e.g. col. 5 lines 48-60 
and , note that session data including the user ID)'. 

Subramaniam et al. and Guthrie et al. are analogous art because they are from the same 
field of endeavor of accessing secure data. 

It would have been obvious to one of ordinary skill in the art at the time the invention was 
made to receive an access key and a database access request from the user apparatus as 
taught by Guthrie et al. in order to reduce the cost of managing application by sharing the 
resources. 

For claim 14, Subramaniam et al. teach: 

the database access control apparatus overwrites or erases the access key stored in the 
storing part after performing the process on the database in response to the database process 
request from the proxy server apparatus (see e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

For claim 15, Subramaniam et al. teach:

the database access control apparatus overwrites or erases the access key stored in the 
storing part when the database access control apparatus is accessed by the user apparatus 
next (see e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

For claim 16, Subramaniam et al. teach: 

the database access control apparatus overwrites or erases the access key stored in the 
storing part when the database access control apparatus receives a next request from the user 
apparatus (see e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

For claim 17, Subramaniam et al. teach: 

means for overwriting or erasing the access key stored in the storing part of the database 
access control apparatus after the database access control apparatus performs the process on 
the database in response to the database process request from the proxy server apparatus (see 
e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

For claim 18, Subramaniam et al. teach: 

the database access control apparatus overwrites or erases the access key stored in the 
storing part when the database access control apparatus is accessed by the user apparatus 
next (see e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

For claim 19, Subramaniam et al. teach: 

means for overwriting or erasing the access key stored in the storing part when the 
database access control apparatus receives a next request from the user apparatus (see e.g. 
col. 8 lines 58-67 and col. 9 lines 1-10).

For claim 20, Subramaniam et al. teach: 

a step for overwriting or erasing the access key stored in the storing part of the database 
access control apparatus after the database access control apparatus performs the process on 
the database in response to the database process request from the proxy server apparatus (see 
e.g. col. 8 lines 58-67 and col. 9 lines 1-10).

For claim 21, Subramaniam et al. teach: 

a step for overwriting or erasing the access key stored in the storing part when the
database access control apparatus is accessed by the user apparatus next (see e.g. col. 8
lines 58-67 and col. 9 lines 1-10).

For claim 22, Subramaniam et al. teach: 

a step for overwriting or erasing the access key stored in the storing part when the 
database access control apparatus receives a next request from the user apparatus (see e.g. 
col. 8 lines 58-67 and col. 9 lines 1-10).

Conclusion 

7. The examiner requests, in response to this Office action, support be shown for language 
added to any original claims on amendment and any new claims. That is, indicate support for 
newly added claim language by specifically pointing to page(s) and line no(s) in the specification 
and/or drawing figure(s). This will assist the examiner in prosecuting the application. 

8. When responding to this office action, Applicant is advised to clearly point out the 
patentable novelty which he or she thinks the claims present, in view of the state of the art
disclosed by the references cited or the objections made. He or she must also show how the
amendments avoid such references or objections. See 37 CFR 1.111(c).

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Andalib F. Lodhi whose telephone number is (571) 270-1759. The 
examiner can normally be reached on Monday-Friday, 7:30am-5:00pm, EST Alt Friday off.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Christian Chace can be reached on (571) 272-4190. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



July 30th, 2007 



AU 2169 




/HPham/ 





